Over the past several years, agile software development has become an accepted method for developing software products. There have been questions from both manufacturers and regulators as to whether (or which) agile practices are appropriate for developing medical device software. Enough medical device manufacturers have implemented agile practices in their software development so that answers to these questions can be documented. Having clear guidance of which practices have been found to be appropriate will be very useful for all developers of medical device software. This TIR will provide recommendations for complying with international standards and U.S. Food and Drug Administration (FDA) guidance documents when using agile practices to develop medical device software.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 1<\/td>\n | AAMI TIR45:2023; Guidance on the use of AGILE practices in the development of medical device software <\/td>\n<\/tr>\n | ||||||
| 3<\/td>\n | Title page <\/td>\n<\/tr>\n | ||||||
| 4<\/td>\n | AAMI Technical Information Report Copyright information <\/td>\n<\/tr>\n | ||||||
| 5<\/td>\n | Contents <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | Committee representation <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 1 Scope 1.1 Inclusions 1.2 Exclusions <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 1.3 Organization: Navigating this document <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 3 Terms and definitions 3.1 agile 3.2 acceptance test-driven development ATDD 3.3 backlog <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 3.4 build 3.5 burndown\/burnup chart 3.6 CAPA 3.7 design input\/output 3.8 done 3.9 emergence\/emergent 3.10 evolutionary strategy <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | Figure 1\u2014EVOLUTIONARY life cycle 3.11 executable requirements 3.12 increment 3.13 incremental <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | Figure 2\u2014INCREMENTAL life cycle: \u201cStaged delivery\u201d <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | Figure 3\u2014INCREMENTAL life cycle: \u201cDesign to schedule\u201d 3.14 increment layer 3.15 iteration 3.16 lean <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 3.17 product layer 3.18 release 3.19 release layer 3.20 refactor\/refactoring 3.21 retrospective 3.22 software development life cycle model <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 3.23 software of unknown provenance SOUP 3.24 stakeholder 3.25 story 3.26 story layer 3.27 test-driven development TDD 3.28 traceability <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 3.29 validation 3.30 verification 3.31 waterfall 4 Setting the stage 4.1 The AGILE perspective 4.1.1 Agile benefits, values, principles, and practices <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 4.2 The regulatory perspective 4.2.1 The United States FDA regulatory perspective <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | Figure 4\u2014Design Controls from 21 CFR 820.30 4.2.2 European Union (EU) and other regulatory perspectives 4.2.3 IEC 62304 standard <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 4.2.4 Regulatory goals, values, principles, and practices <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 4.2.5 Where to learn more 4.3 Aligning perspectives 4.3.1 Aligning on goals 4.3.2 Aligning on values <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 4.3.3 Aligning AGILE with a quality management system <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 4.3.4 Aligning on the level of rigor and robustness 5 Aligning on concepts 5.1 incremental\/evolutionary life cycle <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 5.1.1 Specifying the software development life cycle 5.1.2 Mapping the process model to the life cycle model <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | Figure 5\u2014Mapping IEC 62304\u2019s activities into AGILE\u2019S INCREMENTAL\/EVOLUTIONARY life cycle <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 5.1.3 Executing process activities in multiple layers of abstraction <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | 5.1.4 Process flow: the timing and sequence of process activity execution <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 5.1.5 Frequency and granularity of process activities 5.1.6 The importance of integration activities 5.1.7 The importance of software configuration management <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 5.1.8 Defining \u201cdone\u201d 5.1.9 Feedback mechanisms <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 5.1.10 Aligning agile and non-agile development teams 5.1.10.1 Planning and synchronization 5.1.10.2 Aligning design inputs <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 5.1.10.3 Aligning design outputs <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 5.2 Inputs and outputs 5.2.1 Which inputs 5.2.2 Entry criteria for inputs <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | 5.2.3 Exit criteria for outputs 5.3 Design inputs and design outputs <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | 5.3.1 Activities for producing DESIGN INPUTs and DESIGN OUTPUTs <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | Figure 6\u2014DESIGN INPUT\/OUTPUT relationship: Highest level of abstraction 5.3.2 Breaking up the work Figure 7\u2014DESIGN INPUT\/OUTPUT relationship: WATERFALL development <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | Figure 8\u2014DESIGN INPUT\/OUTPUT relationship: INCREMENTAL\/EVOLUTIONARY 5.3.3 Timing of design inputs and design outputs within an agile story <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | Figure 9\u2014DESIGN INPUT\/OUTPUT relationship: STORY level Figure 10\u2014DESIGN INPUT\/OUTPUT relationship: STORY level showing activities <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | Figure 11\u2014DESIGN INPUT\/OUTPUT relationship: STORY level showing detail and sequencing 5.3.4 Inputs to agile STORIES <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | 5.3.5 Synchronizing design inputs and design outputs Figure 12\u2014Synchronizing DESIGN INPUT\/OUTPUT at INCREMENT and RELEASE boundaries <\/td>\n<\/tr>\n | ||||||
| 47<\/td>\n | 5.3.6 Final verification 5.4 Design reviews <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 5.4.1 Formal design review at stage boundaries 5.4.2 Reviews as a verification activity 5.4.3 Independence of review <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | 5.5 Documentation 5.5.1 Use of documentation Figure 13\u2014A linear flow of process activities <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | Figure 14\u2014A parallel flow of process activities <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | 5.5.2 Sequencing of documentation activities 5.5.3 Sum-of-the-parts of documentation <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | Figure 15\u2014Sum-of-the-parts documentation 5.5.4 Process artifacts (the audit trail) <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | 5.5.5 Approvals and evidence <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | 5.6 Managing the dynamic nature of agile <\/td>\n<\/tr>\n | ||||||
| 55<\/td>\n | 5.6.1 Embrace change, manage change 5.6.2 Satisfy the customer 5.6.3 Maintain the software development process <\/td>\n<\/tr>\n | ||||||
| 56<\/td>\n | 5.6.4 The role of software tools in regulated agile <\/td>\n<\/tr>\n | ||||||
| 57<\/td>\n | 5.7 Human safety risk management <\/td>\n<\/tr>\n | ||||||
| 58<\/td>\n | 6 Aligning on practices 6.1 Addressing IEC 62304 in an agile way 6.1.1 Topics related to planning 6.1.1.1 Is agile too undisciplined to meet planning requirements? 6.1.1.2 Is shippable software, after every increment, a realistic expectation? <\/td>\n<\/tr>\n | ||||||
| 59<\/td>\n | 6.1.1.3 Agile\u2019s focus on \u201cworking software\u201d and continuous integration forms a very effective integration strategy 6.1.1.4 agile’s done is done concept is core to creating a verification plan <\/td>\n<\/tr>\n | ||||||
| 60<\/td>\n | 6.1.2 Topics related to software requirements analysis and documentation 6.1.2.1 Relationship between STORIES and requirements <\/td>\n<\/tr>\n | ||||||
| 61<\/td>\n | 6.1.2.2 STORIES and Requirements: One thing or two? <\/td>\n<\/tr>\n | ||||||
| 62<\/td>\n | 6.1.2.3 When does a story have enough definition to begin work? 6.1.2.4 Requirements done when a story is done 6.1.2.5 Requirements documentation 6.1.2.6 Can executable requirements be a valid part of the requirements definition and documentation? <\/td>\n<\/tr>\n | ||||||
| 63<\/td>\n | 6.1.2.7 How does agile address requirements verification and validation? 6.1.3 Topics related to software architecture 6.1.3.1 Evolving architecture <\/td>\n<\/tr>\n | ||||||
| 64<\/td>\n | 6.1.3.2 Architecture planning 6.1.3.3 Architecture verification <\/td>\n<\/tr>\n | ||||||
| 65<\/td>\n | 6.1.4 Topics related to detailed design 6.1.4.1 Activities of detailed design 6.1.4.2 Emergent design <\/td>\n<\/tr>\n | ||||||
| 66<\/td>\n | 6.1.4.3 Documentation of detailed design 6.1.5 Topics related to implementation and unit verification <\/td>\n<\/tr>\n | ||||||
| 67<\/td>\n | 6.1.6 Topics related to integration and integration testing <\/td>\n<\/tr>\n | ||||||
| 68<\/td>\n | 6.1.7 Topics related to software system testing 6.1.7.1 The importance of software system test planning 6.1.7.2 The value of continuous testing 6.1.7.3 The importance of regression testing <\/td>\n<\/tr>\n | ||||||
| 69<\/td>\n | 6.1.7.4 Tests are as important as the code 6.1.7.5 Documentation of software system testing results 6.1.7.6 Traceability to Software System Testing 6.1.8 Topics related to software release <\/td>\n<\/tr>\n | ||||||
| 70<\/td>\n | 6.1.9 Topics related to configuration management and change management 6.1.9.1 Software configuration identification 6.1.9.2 Agile\u2019s impact on change control <\/td>\n<\/tr>\n | ||||||
| 71<\/td>\n | 6.1.10 Objective evidence for activities defined in IEC 62304 <\/td>\n<\/tr>\n | ||||||
| 72<\/td>\n | Table 1\u2014Examples of objective evidence <\/td>\n<\/tr>\n | ||||||
| 73<\/td>\n | 6.2 Using agile practices for regulatory compliance <\/td>\n<\/tr>\n | ||||||
| 74<\/td>\n | 6.2.1 Product backlog, backlog Refinement, and \u201cDefinition of Ready\u201d <\/td>\n<\/tr>\n | ||||||
| 75<\/td>\n | 6.2.2 Sprint backlog 6.2.3 ITERATIONS and increments 6.2.4 \u201cDefinition of Done\u201d <\/td>\n<\/tr>\n | ||||||
| 76<\/td>\n | 6.2.5 iteration review 6.2.6 Product owner role <\/td>\n<\/tr>\n | ||||||
| 77<\/td>\n | 6.2.7 Scrum master role <\/td>\n<\/tr>\n | ||||||
| 78<\/td>\n | 6.2.8 Development team role 6.2.9 Continuous integration 6.2.10 Pairing <\/td>\n<\/tr>\n | ||||||
| 80<\/td>\n | 6.2.11 Test driven development 6.2.12 \u201cStop the line\u201d 6.2.13 retrospectives\/reflections <\/td>\n<\/tr>\n | ||||||
| 81<\/td>\n | 6.2.14 Collective ownership 6.2.15 Coding standards <\/td>\n<\/tr>\n | ||||||
| 82<\/td>\n | 6.3 Addressing other regulatory requirements in an agile way 6.3.1 Topics related to design validation <\/td>\n<\/tr>\n | ||||||
| 83<\/td>\n | Figure 16\u2014Design validation activities in an AGILE model 6.3.1.1 Using a story\u2019s definition as inputs to design validation 6.3.1.2 Product owner role in design validation <\/td>\n<\/tr>\n | ||||||
| 84<\/td>\n | 6.3.1.3 Demo as a design validation activity 6.3.1.4 Design validation testing in the agile model <\/td>\n<\/tr>\n | ||||||
| 85<\/td>\n | 6.3.1.5 Aligning incremental design validation with regulatory requirements <\/td>\n<\/tr>\n | ||||||
| 86<\/td>\n | 6.3.2 Topics related to risk management (safety) Figure 17\u2014Risk management activities in an AGILE model <\/td>\n<\/tr>\n | ||||||
| 87<\/td>\n | 6.3.2.1 Risk management as part of backlog management 6.3.2.2 Risk management as part of backlog execution 6.3.2.3 Integrating risk management expertise <\/td>\n<\/tr>\n | ||||||
| 88<\/td>\n | 6.3.3 Topics related to cybersecurity Figure 18\u2014Cybersecurity activities in an AGILE model 6.3.3.1 Cybersecurity as part of backlog management <\/td>\n<\/tr>\n | ||||||
| 89<\/td>\n | 6.3.3.2 Cybersecurity as part of backlog execution 6.3.3.3 Integrating cybersecurity expertise 6.3.4 Topics related to usability <\/td>\n<\/tr>\n | ||||||
| 90<\/td>\n | Figure 19\u2014Usability activities in an AGILE model 6.3.4.1 Product owner\u2019s role in usability 6.3.4.2 Usability as part of backlog management <\/td>\n<\/tr>\n | ||||||
| 91<\/td>\n | 6.3.4.3 Usability as part of backlog execution 6.3.4.4 Addressing usability during product demos 6.3.4.5 Integrating usability expertise <\/td>\n<\/tr>\n | ||||||
| 93<\/td>\n | Appendix A (informative) Analysis of the value statements from the manifesto for agile software development A.1 Individuals and interactions over process and tools <\/td>\n<\/tr>\n | ||||||
| 94<\/td>\n | A.2 Working software over comprehensive documentation A.3 Customer collaboration over contract negotiation <\/td>\n<\/tr>\n | ||||||
| 95<\/td>\n | A.4 Responding to change over following a plan <\/td>\n<\/tr>\n | ||||||
| 96<\/td>\n | Appendix B (informative) Applying agile development to IEC 62304 \u2013 Quick Guide B.1 Regulation, Standards and Procedures B.2 agile Software Development and 62304 <\/td>\n<\/tr>\n | ||||||
| 97<\/td>\n | Figure B.1\u2014Overview of software development processes and activities <\/td>\n<\/tr>\n | ||||||
| 98<\/td>\n | Figure B.2\u2014Medical Device Standards and 62304 processes B.3 agile – 4 layers of abstraction <\/td>\n<\/tr>\n | ||||||
| 99<\/td>\n | B.3.1 Planning for Development for each of the agile Layers Figure B.3\u201462304 Planning activities <\/td>\n<\/tr>\n | ||||||
| 100<\/td>\n | B.3.2 The product layer <\/td>\n<\/tr>\n | ||||||
| 101<\/td>\n | B.3.3 The Release Layer B.3.4 The Increment Layer B.3.5 The story layer <\/td>\n<\/tr>\n | ||||||
| 102<\/td>\n | B.4 Software Integration and Integration Testing <\/td>\n<\/tr>\n | ||||||
| 103<\/td>\n | B.5 Software System Testing <\/td>\n<\/tr>\n | ||||||
| 104<\/td>\n | Appendix C (informative) Quick reference guide Table C.2\u2014Index of activities of interest Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" AAMI TIR45:2023 Guidance on the use of agile practices in the development of medical device software<\/b><\/p>\n |